Forum: Warfare by Other Means (economics, demographics, cultural, technological, and other factors that have affected the course of history)

#1
17 Nov 10, 12:55
GCoyote (Laurel, MD, USA)

The continuing evolution of Cyber warfare

Stuxnet Designed To Sabotage Iran Nuclear Facilities

technical paper available here --
http://www.symantec.com/content/en/u...et_dossier.pdf

How big a change is this? How will it affect future conflicts?

Your thoughts?
__________________
Any metaphor will tear if stretched over too much reality.

#2
17 Nov 10, 13:14
Destroyer25 (Toronto, ON, Canada)

I'm curious, who's leading the way in the 4th Dimension of Warfare? I heard that Russia is really embracing it.
__________________
A wild liberal appears! Conservative uses logical reasoning and empirical evidence! It's super effective! Wild liberal faints.

#3
17 Nov 10, 14:01
boomer400 (Los Angeles)

First of all, Stuxnet is a really complex bit of code that's partially dependent on hardware. If you look at the infection rates and breadth of exposure, it's pretty good in terms of the developer. The fact that it primarily attacks Siemens ICS and uses PLCs (Programmable Logic Controllers) as targets means it's a pretty sophisticated tool. Definitely not script kiddies at work. The fact that it's designed to bypass external network requirements is really nice (so to speak). It's definitely effective since it got beyond its main target, the Iranians.

Second, since Stuxnet is targeted at Siemens ICS and PLCs attached, by itself Stuxnet doesn't mean much to most everyone here directly. However, since this tool's been out, you can be sure that everyone who is anyone in the blackhat world is busy designing something to attack someone else's infrastructure, whether it's Siemens or not, using the same methodology or slight variations. It's kind of the nightmare scenario if you're running nuke plants or electrical distribution or comms of any sort because they all use PLCs somewhere in their network. Pretty much any industry that has hardware is vulnerable. Even your typical AC or refrigeration has PLCs of one kind or another.

Now whether or not they actually get exposed is a good question. Since a typical nuke plant is usually pretty secure and the Iranians aren't entirely stupid, we can say that Stuxnet was introduced through some pretty clever means through spywork probably. Definitely some human/social engineering. Did it get delivered through Siemens or did someone find a vulnerable engineer in Iran and load it to his work machine or portable drives somehow? Maybe even a bureaucrat delivered it accidentally. Very interesting and problematic. The fact that it got beyond the nuke plant and to so many other sites is very interesting too.

How would it affect the normal everyday person? Probably not much unless it was at a higher level of infrastructure (power, comms, traffic control, etc. etc.) Would any US equipment get exposed? Yes, they did already based on the infection graphs. I would be interested to see who got hit and what their cleanup methodology is/was. But we'll probably never know as no one in their right mind would want the public to know that their business got hit.

How would it affect military gear? Pretty much everything mechanical that has electrical controls has PLCs. Dunno if anyone has noticed but MS came out with a slew of big security updates recently some of which addressed this issue. The question is how PLCs get designed and updated in the future and how we secure equipment like that. Very very complex.

As a warfighting tool, umm, it's very useful to harass and disable and as an indirect method of causing trouble. Not sure how good it would be as far as modifying code on aircraft, tanks, or ships (unless they use MS Windows as a utility tool set a la the French or anyone else silly enough to use MS Win in a combat role). Personally, if I were doing anything on gear like PLCs, I would use Linux or Unix instead. It's not that they are invulnerable to things like Stuxnet but it's a bit more difficult to engineer attacks through root privileges. Stuxnet is just the beginning though.

Last edited by boomer400; 17 Nov 10 at 14:16.

#4
17 Nov 10, 23:54
Carl Schwamberg (Indiana)

Chinese Cyber Test

This from another discussion board. I'm curious if the article is good or BS?

****************************
http://arstechnica.com/security/news...18-minutes.ars

In a 300+ page report (PDF) today, the US-China Economic and Security Review Commission provided the US Congress with a detailed overview of what's been happening in China—including a curious incident in which 15 percent of the world's Internet traffic suddenly passed through Chinese servers on the way to its destination.

Here's how the Commission describes the incident, which took place earlier this year:

For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from US government (‘‘.gov’’) and military (‘‘.mil’’) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.

The culprit here was "IP hijacking," a well-known routing problem in a worldwide system based largely on trust. Routers rely on the Border Gateway Protocol (BGP) to puzzle out the best route between two IP addresses; when one party advertises incorrect routing information, routers across the globe can be convinced to send traffic on geographically absurd paths.

#5
18 Nov 10, 01:07
boomer400 (Los Angeles)

Well, the article is ok but neglects to specifically mention exactly what gear was affected and how. Now, BGP is somewhat of an arcane interface and quite often is problematic (aside from being not particularly secure). It's employed on virtually every highend edge and core switch/router out there. But it is still well understood by most well-trained network engineers so it's not a total mystery.

For instance, here's a document to ignite any paranoid's fears: it's from China, authored by some Chinese network engineers, and outlines exactly the insecurities within BGP (as well as some ways to secure it too). It's even within the timeline (2009, just before the failure). It pretty much leads you to exactly where that routing failure occurred. Whether that 18 minutes was a deliberate "attack" is sort of a good question.

But I would say that :
1) if it was, it was a pretty poor way to get some data out of the supposed mountains they might've been able to stockpile,
2) it was a good way to practice a mass attack for messing with the Web but poorly planned and executed,
3) Don't assume that it was necessarily from the Chinese. The Web's nature can mean that attacks can be generated anywhere and launched somewhere else some other time. You can be sure that every government with a cyber team/division/ministry has ways to get things done somewhere else.
4) the Chinese use a lot of Russian expertise, they're very good. Israelis might be a smidge better but there aren't as many of them.
5) lots of network engineers make mistakes, even the good ones. There's a lot of stuff to remember and a hell of a lot of different brands of gear.
Attached Files
File Type: pdf 2P4_0700[1].pdf (141.4 KB, 1 views)
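The 18-minute incident quoted in post #4 and the BGP weaknesses boomer400 points at in post #5 come down to the same thing: a router will accept an announcement for a prefix from any origin AS, so one erroneous advertisement gets copied worldwide. The defensive counterpart is route-origin validation, in which each prefix has a registered expected origin and announcements that disagree are flagged before they are preferred. Below is an added example, not from the thread or from the Ars Technica article it quotes: a small Python origin check over a constructed feed. The expected-origin records stand in for RPKI ROAs and use placeholder AS numbers and documentation prefixes; none of the values correspond to the April 2010 event.

```python
"""Route-origin validation over a constructed BGP announcement feed.

Added example (not from the thread or the article it quotes). The
expected-origin records below play the role of RPKI ROAs; prefixes are from
the documentation ranges and AS numbers are private-range placeholders.
"""
import ipaddress
from collections import defaultdict

# Constructed expected-origin records: (prefix, max prefix length, origin AS)
EXPECTED_ORIGINS = [
    ("192.0.2.0/24", 24, 64500),     # placeholder AS for this prefix
    ("198.51.100.0/22", 24, 64501),  # covers announcements from /22 down to /24
    ("203.0.113.0/24", 24, 64502),
]

def validate_origin(prefix, as_path, roas=EXPECTED_ORIGINS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.

    An announcement is covered by a record when its prefix lies inside the
    record's prefix. It is valid when at least one covering record names the
    path's origin AS (last AS in the path) and permits the announced length;
    invalid when covered but no record matches; unknown when nothing covers it.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    origin = as_path[-1]
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa_asn == origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def audit_feed(announcements, roas=EXPECTED_ORIGINS):
    """Classify a whole feed and group the invalid ones by offending origin AS.

    announcements: iterable of (prefix, as_path) tuples. Returns per-status
    counts and, for 'invalid', a map origin AS -> list of prefixes, so a burst
    of prefixes suddenly originating from one unexpected AS stands out.
    """
    counts = {"valid": 0, "invalid": 0, "unknown": 0}
    by_origin = defaultdict(list)
    for prefix, path in announcements:
        status = validate_origin(prefix, path, roas)
        counts[status] += 1
        if status == "invalid":
            by_origin[path[-1]].append(prefix)
    return counts, dict(by_origin)

# Constructed feed: two legitimate routes, one more-specific announcement of a
# covered prefix from an unexpected origin, one announcement longer than the
# record allows, and one prefix that nobody registered.
SAMPLE_FEED = [
    ("192.0.2.0/24", [64496, 64500]),
    ("198.51.100.0/23", [64496, 64497, 64501]),
    ("203.0.113.0/25", [64498, 64499]),      # /25 from AS64499: not the expected origin
    ("198.51.100.0/25", [64496, 64501]),     # right AS, but longer than max_len
    ("233.252.0.0/24", [64496, 64503]),      # no record covers it
]

if __name__ == "__main__":
    counts, offenders = audit_feed(SAMPLE_FEED)
    print(counts)
    for asn, prefixes in offenders.items():
        print(f"unexpected origin AS{asn}: {prefixes}")
```

The "unknown" status is deliberately separate from "invalid": an operator rolling this out only drops or depreferences announcements that are covered by a record and still disagree with it, otherwise every unregistered prefix on the Internet would be rejected.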

#6
18 Nov 10, 04:01
Sino Invasion (Malaysia)

Some questions...

Still this Stuxnet thing doesn't quite ring true to me. My one main assumption. It's very sophisticated and is aimed at one particular Iranian target. Now that brings some questions to mind:

1. Why did the thing spread to thousands of computers? Supposedly it was made to attack some specific set-up of PLCs? Reports said it attacked thousands of PCs in multiple countries? Why attack a PC; they have no PLCs? Also I thought the thing was introduced via a memory stick.

2. Did it actually carry off the attack that it was designed for? Certainly no major part of the Iranian nuke program seems to have been seriously impacted.

3. Why was it allowed to be "found"? It seems that if you could make a program this sophisticated, then you could make the sucker "self-destruct" after it carried out its attack. Instead it goes on a typical (for computer bad things) PC-chomping, very public rampage.

I guess those questions cover my basic doubts. Overall it seems that whoever made this wanted it found and dissected. Why? Is it a massive misinformation campaign? Will this force changes in the target system that will then allow it to actually be attacked? Etc.

The basic story just doesn't ring true to me. Granted I'm a computer novice. Maybe some of you who have a better understanding could dispel some of my doubts.
__________________
Save America!! Impeach Obama!!

#7
18 Nov 10, 23:30
PhilipLaos (Vientiane, Laos)

Well a couple of things are sure: the Russians and east-Asians are really good at this stuff; it has already been used as an attack vehicle (to cyber-attack Estonia, etc?); they will get even better at it and there will be more attacks (probably more commercial than military) in the future.


Philip

#8
20 Nov 10, 14:20
boomer400 (Los Angeles)

Sorry, I did this earlier but my session got dropped and my comments lost, so here's try #2.

1. Why did the thing spread to thousands of computers? Supposedly it was made to attack some specific set-up of PLCs? Reports said it attacked thousands of PCs in multiple countries? Why attack a PC; they have no PLCs? Also I thought the thing was introduced via a memory stick.

Answer : Stuxnet was designed to be delivered mainly by USB sticks (I suspect that in the future it will address further methods other than its initial attack modes). It can also attack via internal network connections (intranets to some). Normally, it is not designed to attack over web connections (which probably will change in the future). Most people use USB sticks to carry things like docs, project info, etc. but also music, video, media of all sorts. And that is where the exposure problem is when someone takes their files, makes them portable and brings them to work or home. If you're the delivery man, you will bring your USB drive to work and plug it somewhere on a PC or laptop. Now you've introduced it to the worksite. It doesn't matter if Siemens WinCC or PCS7 or a PLC is even there, the malware is ready to go. It will search for WinCC or PCS7 on the local machine in order to wait for someone to connect to a PLC. Otherwise, it's waiting for another available network device or a USB stick to show up in order to propagate. If Joe Blow shows up, unaware and uninfected, logs onto the network and starts working, he will likely pick up that infection quite instantly. Same thing goes for plugging in his USB drive with the latest hackwarz or "free" download of Celine Dion. This is an example of the typical "zero-day infection" where an unsecured security lapse will allow malware to explode everywhere because there is no way to detect it yet.
If you access/deliver the malware code at work, you will bring the malware to home. If you have any kind of home network or share a machine with your family members, you will propagate the code to their machine or their USB drive that they may use in their work, school, etc. From there, it will spread out further. Here in the US, most everyone I know in defense industries, aren't allowed to use USB flash drives anywhere and their machines are typically crippled so they can't use USB ports.
The PC is infected as a host, the target is the PLC. So your USB drive is the delivery method where the malware uses your PC as the conduit or physical method to access the PLC since the PLC does not have a USB port normally.

2. Did it actually carry off the attack that it was designed for? Certainly no major part of the Iranian nuke program seems to have been seriously impacted.
Answer : I think it definitely worked; it's not like a JDAM, where the target will physically be destroyed. This thing will screw up your network and damage your PLCs. I'm sure for quite some time, they were having fits trying to figure out why their gear wasn't working right. They may not even have been aware they were fighting a malware infestation. This type of damage is indirect: you damage and slow down their resources and confuse so normal day-to-day activities are impaired. For the deployer, a 4-6 month continuous diversion would probably be considered a great success.

3. Why was it allowed to be "found"? It seems that if you could make a program this sophisticated, then you could make the sucker "self destruct" after it carried out its attack. Instead it goes on a typical (for computer bad things) PC chomping, very public; rampage.
Answer : malware like this doesn't self-destruct, it's designed to live forever. So we will have to worry about Stuxnet and future variants forever. Pretty much all malware/rootkits aren't designed to self-destruct; it's not in their nature. They are designed to annoy us perpetually and therefore consume resources.

4) I guess those questions cover my basic doubts. Overall it seems that whoever made this wanted it found and dissected. Why? Is it a massive misinformation campaign? Will this force changes in the target system that will then allow it to actually be attacked? Etc.

Because of the way malware can be delivered, it is always forensically traceable. It may take longer and more resources but it can always be done. Most of us just don't bother and (should) install anti-virus, anti-malware, anti-spyware, anti-rootkit tools and (should) run scans with them religiously on our machines, keep them updated continuously, and not visit questionable websites. But that to some extent goes against human nature. Good admins will do all of the above and worry all the time about these kinds of things. Which is probably what the Iranians are doing right now.

#9
25 Nov 10, 11:45
Carl Schwamberg (Indiana)

Anyone here examine in depth the intrusive programs entering their machine from any outside source? That is, any cookies, etc., other than what is legitimately part of software you approved for downloading. I am a bit curious what sort of stuff can be specifically identified. I hear all these second-hand stories, or complaints from people about 'something' that messed with their PC. Can anyone here address specifics they have solid information on with equipment they use?

#10
25 Nov 10, 21:57
Sino Invasion (Malaysia)

Boomer400...

Thanks for the answers!
__________________
Save America!! Impeach Obama!!

#11
29 Nov 10, 15:35
boomer400 (Los Angeles)

Actually, it is fairly easy if you have any decent software firewall or even a hardware firewall with logging. Normally, firewalls will log all info (if set up to do this) ad infinitum until you're out of disk. The trick to analyzing is to have a good tool, knowledge, and time to parse it all out. Using a typical software firewall, set it so it logs all activity to disk for a long period of typical use. For instance, when you power on, log on in the AM and turn it off at night. Save your logs then run it again when you're not actively doing anything on your system but are logged on and the PC has access to the net.

You can take your log dumps and then analyze them with a network packet tool and you can compare the 2 to see exactly what's going on when you're working and when you're not. You will be surprised to see how much activity occurs when you're not even touching the machine. Most authorized programs generate a lot of traffic just trying to update or send a sense packet to the OEM. It can really be annoying sometimes to have to troll through that kind of activity. Then when you actually start a web session it gets even worse with all the cookie activity running all over the place. Finally, you'll probably see quite a few network and portscans running to see what's open on your network.

I've used Cisco, early Checkpoint netapps, Sonicwall, and Watchguard and generally they're all pretty similar. It's only when you start specifically designing your network where it gets difficult. For instance, you start subnetting and creating VLANs, it can get really confusing. In a large network, it's a lot of data to handle. Personally, if one is interested, Snort IDS/IPS is a great place to start, especially for small offices or hardcore personal offices. It's free, not excessively difficult to set up, and you can learn a huge amount from it. There's even a Win version of it. Plus, the Snort folks have some really awesome tools for examining your data and network, really really good stuff. If you have a spare 2 yr old PC, it's very doable, just Google it and fiddle away.

Another thing to try out is a "honeypot" which acts as a decoy on your network attracting undue attention. It's useful as well.

Last edited by boomer400; 29 Nov 10 at 15:40.
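boomer400's method in post #11 is: log everything for a working day, log again while the machine sits idle but connected, then compare the two to see what talks to the outside on its own, and look for the port scans that show up in the blocked traffic. The following is an added example, not from the thread, that does that comparison in Python. The log line format is a constructed one for illustration (a real pf, iptables, Sonicwall or Watchguard log needs its own regex), and the 192.168.1.x "local" range and the sample records are made up.

```python
"""Compare firewall logs from an 'active' and an 'idle' session and flag scans.

Added example, not from the thread. The log line format below is constructed
for illustration; real firewalls each have their own format and the regex
would be the only part that changes.
"""
import re
from collections import Counter, defaultdict

# Constructed format: "<time> <ACTION> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<action>ALLOW|BLOCK) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

def parse_log(lines):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records

def outbound_destinations(records, local_prefix="192.168.1."):
    """Count outbound (local -> remote) connections per remote host and port."""
    counts = Counter()
    for r in records:
        if r["src"].startswith(local_prefix) and not r["dst"].startswith(local_prefix):
            counts[(r["dst"], r["dport"])] += 1
    return counts

def idle_only_destinations(active_records, idle_records, local_prefix="192.168.1."):
    """Remote destinations contacted while idle but never while someone was working.

    These are the 'phone home' flows the post describes: updaters, telemetry,
    or something less welcome. Each one is worth identifying by hand.
    """
    active = outbound_destinations(active_records, local_prefix)
    idle = outbound_destinations(idle_records, local_prefix)
    return sorted(set(idle) - set(active))

def detect_port_scans(records, min_ports=5, local_prefix="192.168.1."):
    """Flag remote sources that touched at least min_ports distinct local ports.

    One remote host hitting many different ports in quick succession is the
    classic portscan signature; blocked attempts count, which is the point of
    logging BLOCK lines at all.
    """
    ports = defaultdict(set)
    for r in records:
        if not r["src"].startswith(local_prefix) and r["dst"].startswith(local_prefix):
            ports[r["src"]].add(r["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample logs. 192.168.1.20 is the workstation; addresses from the
# documentation ranges stand in for the outside world.
ACTIVE_LOG = """\
09:01:10 ALLOW 192.168.1.20:51000 -> 198.51.100.10:443 TCP
09:01:12 ALLOW 192.168.1.20:51001 -> 198.51.100.10:443 TCP
09:02:00 ALLOW 192.168.1.20:51002 -> 203.0.113.5:80 TCP
09:02:30 ALLOW 192.168.1.20:51003 -> 198.51.100.44:443 TCP
""".splitlines()

IDLE_LOG = """\
22:10:00 ALLOW 192.168.1.20:52000 -> 198.51.100.44:443 TCP
22:15:00 ALLOW 192.168.1.20:52001 -> 192.0.2.77:8080 TCP
22:15:05 ALLOW 192.168.1.20:52002 -> 192.0.2.77:8080 TCP
22:20:01 BLOCK 203.0.113.200:40000 -> 192.168.1.20:22 TCP
22:20:01 BLOCK 203.0.113.200:40001 -> 192.168.1.20:23 TCP
22:20:02 BLOCK 203.0.113.200:40002 -> 192.168.1.20:80 TCP
22:20:02 BLOCK 203.0.113.200:40003 -> 192.168.1.20:443 TCP
22:20:03 BLOCK 203.0.113.200:40004 -> 192.168.1.20:3389 TCP
this line is garbage and is skipped by the parser
""".splitlines()

if __name__ == "__main__":
    active, idle = parse_log(ACTIVE_LOG), parse_log(IDLE_LOG)
    print("idle-only destinations:", idle_only_destinations(active, idle))
    print("possible scans:", detect_port_scans(idle))
```

On the sample data the idle-only list contains the 192.0.2.77:8080 flow that never appeared while the machine was in use, and the scan detector reports 203.0.113.200 probing five ports in two seconds. The threshold and the time window are the two knobs to tune against a real log, since a legitimate mail or web client can also touch a handful of ports over a day.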

#12
29 Nov 10, 18:13
Carl Schwamberg (Indiana)

boomer400.... thanks. A lot of that was above my expertise, but I probably caught the essentials. Perhaps a honey pot was what my stepson had set up when he was living with us. He gave me a heads up to several sites that were attempting to attach crap I could do without to my machine. Unfortunately for me his business is security & he won't discuss details about what he runs across. "Install good quality protection, & update passwords regularly" is his stock answer.

"Snort IDS/IPS is a great place to start.."

The stepson spent a lot of time fussing with 'Snort' a few years ago when he was doing bank cyber security.

#13
29 Nov 10, 22:55
boomer400 (Los Angeles)

Hehe, security is a big business and bank security is really big and evolving fast. One thing I recommend (aside from firewalls, antivirus, antispyware) is to never set your web sessions to save your passwords or even logons. It's a pain in the ass to remember but it makes it more difficult for somebody to pull the data off and run it through a password analyzer. And resetting your passwords regularly makes it much tougher for somebody to hack them as well. Again, it's a bit of a pain (especially if you truly vary your passwords a lot as opposed to add a digit like going from cs001 to cs002) but what would you rather have to deal with, someone infiltrating your banking online?

PS, never let your wireless network broadcast its SSID, always secure it with appropriate passwords, and never bank wirelessly or from a free location.

Last edited by boomer400; 29 Nov 10 at 23:09.
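boomer400's point in post #13 about "truly varying" a password rather than going from cs001 to cs002 can be enforced mechanically at password-change time. The following is an added example, not from the thread: it normalizes the old and new passwords and rejects the change when they are still near-identical. The normalization rules (case folding, stripping leading and trailing digits and symbols, undoing common letter-for-symbol swaps) and the edit-distance threshold are assumptions about what counts as a trivial edit; a real policy would add a breach-list lookup and a minimum length.

```python
"""Reject new passwords that are only trivial edits of the old one.

Added example, not from the thread. The normalization rules and the distance
threshold are assumptions about what a 'trivial' change looks like.
"""
import re

# Common letter-for-symbol swaps, undone so that "p4ssw0rd" compares as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(pw):
    """Fold case, drop leading/trailing digits and symbols, then undo leet swaps.

    Stripping happens before the leet translation so that a numeric suffix
    such as '001' is removed rather than turned into letters.
    """
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(LEET)

def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_trivial_change(old, new, max_distance=2):
    """True when the new password is a cosmetic variant of the old one.

    Catches the cs001 -> cs002 pattern, case changes, leet substitutions,
    appended punctuation, and one or two character edits on the core word.
    """
    a, b = normalize(old), normalize(new)
    if a == b:
        return True
    if a and b and (a in b or b in a):
        return True
    return levenshtein(a, b) <= max_distance

def check_password_change(old, new):
    """Return (accepted, reason) the way a change-password handler would."""
    if is_trivial_change(old, new):
        return False, "new password is too similar to the old one"
    return True, "ok"

if __name__ == "__main__":
    for old, new in [("cs001", "cs002"), ("Winter2023!", "winter2024"),
                     ("cs001", "correct-horse-battery")]:
        print(old, "->", new, check_password_change(old, new))
```

The containment test matters as much as the distance: "Winter2023!" to "Winter2024" survives normalization as the same word, and "summer" to "summerhouse" is caught because one core is a substring of the other, which plain edit distance would miss once the added part is long.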

#14
30 Nov 10, 00:15
Carl Schwamberg (Indiana)

Reminds me, I need to change my password here.

Stepson sold or gave away the bank security thing. Now it's not clear what he does, but the FBI calls often, and he travels to exotic foreign lands regularly as well as in the US.

So, with all that, what sort of garbage do you see washing up against your machine from the cyber sea?

#15
30 Nov 10, 00:44
boomer400 (Los Angeles)

I try to avoid aimless surfing as it just gets you into trouble. Research is another thing and I try to be extremely judicious about URLs and where they point. The biggest problem I see nowadays is when my kids go online and I have to protect them against trojan droppers like fake antivirus ads. It's mostly an educational thing and training for situational awareness on websurfing for them. It helps for me to have system images for their machines and for me to regularly wipe their disks and reload (although I have to refresh the images more often than I would like).
The other big thing is preventing netscans from getting through the occasional open port I might have. That's mainly a nuisance though. No real troubles at home. At work, ugh. Constant cleaning, refreshing, purging, etc. etc. But I haven't been hit yet by anything serious (cross my fingers, count my beads).